| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Gather (Read) entire SSL2 records from socket into buffer. | 2 * Gather (Read) entire SSL2 records from socket into buffer. |
| 3 * | 3 * |
| 4 * ***** BEGIN LICENSE BLOCK ***** | 4 * ***** BEGIN LICENSE BLOCK ***** |
| 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 6 * | 6 * |
| 7 * The contents of this file are subject to the Mozilla Public License Version | 7 * The contents of this file are subject to the Mozilla Public License Version |
| 8 * 1.1 (the "License"); you may not use this file except in compliance with | 8 * 1.1 (the "License"); you may not use this file except in compliance with |
| 9 * the License. You may obtain a copy of the License at | 9 * the License. You may obtain a copy of the License at |
| 10 * http://www.mozilla.org/MPL/ | 10 * http://www.mozilla.org/MPL/ |
| (...skipping 18 matching lines...) Expand all Loading... |
| 29 * in which case the provisions of the GPL or the LGPL are applicable instead | 29 * in which case the provisions of the GPL or the LGPL are applicable instead |
| 30 * of those above. If you wish to allow use of your version of this file only | 30 * of those above. If you wish to allow use of your version of this file only |
| 31 * under the terms of either the GPL or the LGPL, and not to allow others to | 31 * under the terms of either the GPL or the LGPL, and not to allow others to |
| 32 * use your version of this file under the terms of the MPL, indicate your | 32 * use your version of this file under the terms of the MPL, indicate your |
| 33 * decision by deleting the provisions above and replace them with the notice | 33 * decision by deleting the provisions above and replace them with the notice |
| 34 * and other provisions required by the GPL or the LGPL. If you do not delete | 34 * and other provisions required by the GPL or the LGPL. If you do not delete |
| 35 * the provisions above, a recipient may use your version of this file under | 35 * the provisions above, a recipient may use your version of this file under |
| 36 * the terms of any one of the MPL, the GPL or the LGPL. | 36 * the terms of any one of the MPL, the GPL or the LGPL. |
| 37 * | 37 * |
| 38 * ***** END LICENSE BLOCK ***** */ | 38 * ***** END LICENSE BLOCK ***** */ |
| 39 /* $Id: sslgathr.c,v 1.12 2010/04/25 23:37:38 nelson%bolyard.com Exp $ */ | 39 /* $Id: sslgathr.c,v 1.13 2012/03/11 04:32:35 wtc%google.com Exp $ */ |
| 40 #include "cert.h" | 40 #include "cert.h" |
| 41 #include "ssl.h" | 41 #include "ssl.h" |
| 42 #include "sslimpl.h" | 42 #include "sslimpl.h" |
| 43 #include "sslproto.h" | 43 #include "sslproto.h" |
| 44 | 44 |
| 45 /* Forward static declarations */ | 45 /* Forward static declarations */ |
| 46 static SECStatus ssl2_HandleV3HandshakeRecord(sslSocket *ss); | 46 static SECStatus ssl2_HandleV3HandshakeRecord(sslSocket *ss); |
| 47 | 47 |
| 48 /* | 48 /* |
| 49 ** Gather a single record of data from the receiving stream. This code | 49 ** Gather a single record of data from the receiving stream. This code |
| (...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 134 gs->offset += nb; | 134 gs->offset += nb; |
| 135 gs->remainder -= nb; | 135 gs->remainder -= nb; |
| 136 | 136 |
| 137 if (gs->remainder > 0) { | 137 if (gs->remainder > 0) { |
| 138 continue; | 138 continue; |
| 139 } | 139 } |
| 140 | 140 |
| 141 /* Probably finished this piece */ | 141 /* Probably finished this piece */ |
| 142 switch (gs->state) { | 142 switch (gs->state) { |
| 143 case GS_HEADER: | 143 case GS_HEADER: |
| 144 » if ((ss->opt.enableSSL3 || ss->opt.enableTLS) && !ss->firstHsDone) { | 144 » if (!SSL3_ALL_VERSIONS_DISABLED(&ss->vrange) && !ss->firstHsDone) { |
| 145 | 145 |
| 146 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | 146 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); |
| 147 | 147 |
| 148 /* If this looks like an SSL3 handshake record, | 148 /* If this looks like an SSL3 handshake record, |
| 149 ** and we're expecting an SSL2 Hello message from our peer, | 149 ** and we're expecting an SSL2 Hello message from our peer, |
| 150 ** handle it here. | 150 ** handle it here. |
| 151 */ | 151 */ |
| 152 if (gs->hdr[0] == content_handshake) { | 152 if (gs->hdr[0] == content_handshake) { |
| 153 if ((ss->nextHandshake == ssl2_HandleClientHelloMessage) || | 153 if ((ss->nextHandshake == ssl2_HandleClientHelloMessage) || |
| 154 (ss->nextHandshake == ssl2_HandleServerHelloMessage)) { | 154 (ss->nextHandshake == ssl2_HandleServerHelloMessage)) { |
| (...skipping 23 matching lines...) Expand all Loading... |
| 178 } else if (gs->hdr[0] == content_alert) { | 178 } else if (gs->hdr[0] == content_alert) { |
| 179 if (ss->nextHandshake == ssl2_HandleServerHelloMessage) { | 179 if (ss->nextHandshake == ssl2_HandleServerHelloMessage) { |
| 180 /* XXX This is a hack. We're assuming that any failure | 180 /* XXX This is a hack. We're assuming that any failure |
| 181 * XXX on the client hello is a failure to match | 181 * XXX on the client hello is a failure to match |
| 182 * XXX ciphers. | 182 * XXX ciphers. |
| 183 */ | 183 */ |
| 184 PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); | 184 PORT_SetError(SSL_ERROR_NO_CYPHER_OVERLAP); |
| 185 return SECFailure; | 185 return SECFailure; |
| 186 } | 186 } |
| 187 } | 187 } |
| 188 » }» /* ((ss->opt.enableSSL3 || ss->opt.enableTLS) && !ss->firstHsDon
e) */ | 188 » } |
| 189 | 189 |
| 190 /* we've got the first 3 bytes. The header may be two or three. */ | 190 /* we've got the first 3 bytes. The header may be two or three. */ |
| 191 if (gs->hdr[0] & 0x80) { | 191 if (gs->hdr[0] & 0x80) { |
| 192 /* This record has a 2-byte header, and no padding */ | 192 /* This record has a 2-byte header, and no padding */ |
| 193 gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1]; | 193 gs->count = ((gs->hdr[0] & 0x7f) << 8) | gs->hdr[1]; |
| 194 gs->recordPadding = 0; | 194 gs->recordPadding = 0; |
| 195 } else { | 195 } else { |
| 196 /* This record has a 3-byte header that is all read in now. */ | 196 /* This record has a 3-byte header that is all read in now. */ |
| 197 gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1]; | 197 gs->count = ((gs->hdr[0] & 0x3f) << 8) | gs->hdr[1]; |
| 198 /* is_escape = (gs->hdr[0] & 0x40) != 0; */ | 198 /* is_escape = (gs->hdr[0] & 0x40) != 0; */ |
| (...skipping 247 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 446 PORT_ZFree(gs->buf.buf, gs->buf.space); | 446 PORT_ZFree(gs->buf.buf, gs->buf.space); |
| 447 PORT_Free(gs->inbuf.buf); | 447 PORT_Free(gs->inbuf.buf); |
| 448 } | 448 } |
| 449 } | 449 } |
| 450 | 450 |
| 451 /* Caller must hold RecvBufLock. */ | 451 /* Caller must hold RecvBufLock. */ |
| 452 static SECStatus | 452 static SECStatus |
| 453 ssl2_HandleV3HandshakeRecord(sslSocket *ss) | 453 ssl2_HandleV3HandshakeRecord(sslSocket *ss) |
| 454 { | 454 { |
| 455 SECStatus rv; | 455 SECStatus rv; |
| 456 SSL3ProtocolVersion version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2]; | |
| 457 | 456 |
| 458 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 457 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
| 459 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); | 458 PORT_Assert( ss->opt.noLocks || ssl_Have1stHandshakeLock(ss) ); |
| 460 | 459 |
| 461 /* We've read in 3 bytes, there are 2 more to go in an ssl3 header. */ | 460 /* We've read in 3 bytes, there are 2 more to go in an ssl3 header. */ |
| 462 ss->gs.remainder = 2; | 461 ss->gs.remainder = 2; |
| 463 ss->gs.count = 0; | 462 ss->gs.count = 0; |
| 464 | 463 |
| 465 /* Clearing these handshake pointers ensures that | 464 /* Clearing these handshake pointers ensures that |
| 466 * ssl_Do1stHandshake won't call ssl2_HandleMessage when we return. | 465 * ssl_Do1stHandshake won't call ssl2_HandleMessage when we return. |
| 467 */ | 466 */ |
| 468 ss->nextHandshake = 0; | 467 ss->nextHandshake = 0; |
| 469 ss->securityHandshake = 0; | 468 ss->securityHandshake = 0; |
| 470 | 469 |
| 471 /* Setting ss->version to an SSL 3.x value will cause | 470 /* Setting ss->version to an SSL 3.x value will cause |
| 472 ** ssl_GatherRecord1stHandshake to invoke ssl3_GatherCompleteHandshake() | 471 ** ssl_GatherRecord1stHandshake to invoke ssl3_GatherCompleteHandshake() |
| 473 ** the next time it is called. | 472 ** the next time it is called. |
| 474 **/ | 473 **/ |
| 475 rv = ssl3_NegotiateVersion(ss, version); | 474 rv = ssl3_NegotiateVersion(ss, SSL_LIBRARY_VERSION_MAX_SUPPORTED, |
| 475 » » » PR_TRUE); |
| 476 if (rv != SECSuccess) { | 476 if (rv != SECSuccess) { |
| 477 return rv; | 477 return rv; |
| 478 } | 478 } |
| 479 | 479 |
| 480 ss->sec.send = ssl3_SendApplicationData; | 480 ss->sec.send = ssl3_SendApplicationData; |
| 481 | 481 |
| 482 return SECSuccess; | 482 return SECSuccess; |
| 483 } | 483 } |
| OLD | NEW |